***Heads Up**** 3COM Wireless router (3CRADSL72)
Results 1 to 4 of 4

Thread: ***Heads Up**** 3COM Wireless router (3CRADSL72)

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    ***Heads Up**** 3COM Wireless router (3CRADSL72)

    Just on BugTraq:-

    The router gives you a web page with user name, password, primary and
    secondary DNS, default gateway, etc, if you access
    http://[routerIP]/app_sta.stm without athentification of any kind.

    Router details:
    Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
    Boot Code Version V1.3d
    Hardware Version 01A
    ADSL Modem Code Version 13.9.38

    The password given is the password that you use to connect to the
    internet, not to the router.
    --
    karb0noxyde
    Turning it off when you aren't using it would be the only mitigation technique available at present.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    that would be an internal vulnerability ...one would hope!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    As of now I can find nothing about this but it came over BugTraq yesterday and arrived in my inbox at 5:17pm EST.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ok.... It's Internal/External... ish....

    Hi,

    I'm writing regarding BID 11408. I have this router at home for my ADSL
    connection. The software versions of my router are:

    Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
    Boot Code Version V1.3d
    Hardware Version 01A
    ADSL Modem Code Version 13.9.38

    (taken from http://192.168.2.1/index.stm)

    Under this environment I describe the URL http://192.168.2.1/app_sta.stm
    described in this BID not only discloses some critical information. After I
    accessed this URL I could access the rest of the administrative web
    interface of the router and view/change any parameter (WEP keys, IP
    addresssing, firewall rules, dhcp server configuration....). After I access
    this URL the router considers that I´m authenticated.

    The router allows to configure if the router can be administered from the
    external interface (internet). As a workarround users should turn off this
    option. This restricts the vulnerability to internal only users, then
    considering that this is a Wireless router the highest level of protection
    should be used in the wireless configuration. I recommend using WPA-PSK and
    deactivating the ESSID Broadcast option.

    Kind regards,
    Ivan Casado Ruiz
    So... The upshot is that if you allow your router to be administered through the WAN port anyone can own the router and anyone connecting via wireless owns your router anyway. As Ivan says.... Turn off remote administration until 3COM issue the fix..... and use WPA at a minimum.....

    This is a damn huge hole IMO....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •